Multiple vulnerabilities have been found in Linux-PAM, allowing
local attackers to possibly gain escalated privileges, cause a Denial of
Service, corrupt data, or obtain sensitive information.

Background

Linux-PAM (Pluggable Authentication Modules) is an architecture allowing
the separation of the development of privilege granting software from the
development of secure and appropriate authentication schemes.

Multiple vulnerabilities have been discovered in Linux-PAM. Please
review the CVE identifiers referenced below for details.

Impact

A local attacker could use specially crafted files to cause a buffer
overflow, possibly resulting in privilege escalation or Denial of
Service. Furthermore, a local attacker could execute specially crafted
programs or symlink attacks, possibly resulting in data loss or
disclosure of sensitive information.